MFC r261499 (pjd):

Fix installations that use kernels without CAPABILITIES support.
author: delphij <delphij@FreeBSD.org> 2014-03-03 23:19:28 +0000
committer: delphij <delphij@FreeBSD.org> 2014-03-03 23:19:28 +0000
commit: 9f46cb935f6bd9236be057988d56622cfec05740 (patch)
tree: b9bd18b5d743608ded20daebc68d07207a6f5358 /crypto
parent: 6eebe77865abb548f2bc656c5fbd6fdef2f62247 (diff)
download: FreeBSD-src-9f46cb935f6bd9236be057988d56622cfec05740.zip
FreeBSD-src-9f46cb935f6bd9236be057988d56622cfec05740.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/crypto/openssh/sandbox-capsicum.c b/crypto/openssh/sandbox-capsicum.c
index ee2a7e7..6064514 100644
--- a/crypto/openssh/sandbox-capsicum.c
+++ b/crypto/openssh/sandbox-capsicum.c
@@ -94,10 +94,12 @@ ssh_sandbox_child(struct ssh_sandbox *box)
 		fatal("can't limit stderr: %m");
 
 	cap_rights_init(&rights, CAP_READ, CAP_WRITE);
-	if (cap_rights_limit(box->monitor->m_recvfd, &rights) == -1)
+	if (cap_rights_limit(box->monitor->m_recvfd, &rights) == -1 &&
+	    errno != ENOSYS)
 		fatal("%s: failed to limit the network socket", __func__);
 	cap_rights_init(&rights, CAP_WRITE);
-	if (cap_rights_limit(box->monitor->m_log_sendfd, &rights) == -1)
+	if (cap_rights_limit(box->monitor->m_log_sendfd, &rights) == -1 &&
+	    errno != ENOSYS)
 		fatal("%s: failed to limit the logging socket", __func__);
 	if (cap_enter() < 0 && errno != ENOSYS)
 		fatal("%s: failed to enter capability mode", __func__);
author	delphij <delphij@FreeBSD.org>	2014-03-03 23:19:28 +0000
committer	delphij <delphij@FreeBSD.org>	2014-03-03 23:19:28 +0000
commit	9f46cb935f6bd9236be057988d56622cfec05740 (patch)
tree	b9bd18b5d743608ded20daebc68d07207a6f5358 /crypto
parent	6eebe77865abb548f2bc656c5fbd6fdef2f62247 (diff)
download	FreeBSD-src-9f46cb935f6bd9236be057988d56622cfec05740.zip FreeBSD-src-9f46cb935f6bd9236be057988d56622cfec05740.tar.gz